> How do you envision the transition from this single-signature
> architecture to one where other users and/or independent build farms
> can add their signatures to hydra? Will those signatures be treated
> differently than the signatures created by hydra.gnu.org? Will they
> be stored and sent to users using a different mechanism?

Let’s not get ahead of ourselves. The “single signature” solution is far from being perfect, but it’s way better than nothing. I suspect that the “web of trust” thing would require a lot of effort. So I propose to postpone that until we implement the former since a bird in the hand is worth two in the bush. Even though that bird would be an obvious target for an attacker.

c